Hello,

this far I accessed my Ceph (0.48) FS with the client.admin key, but I'd like to change that since I don't want to allow clients to control the cluster.

I thought I should create a new key, give it some caps (don't exactly know which ones), and distribute it to clients. Here are some things I don't know/understand:

* What do the r, w, x, and * caps ("permissions"?) mean on a mon, mds, or osd?
* What's the difference between (for example) 'allow rw' and 'rw' caps? `ceph auth` seems to understand (and display as specified) both forms.

Not to run into issues with caps, I've created a key with the same caps as the current client.admin, but with a different key, called client.access_fs. I planned to narrow down the caps after I made the mount work with the new key.

    $ sudo ceph auth list
    installed auth entries:
    [...]
    client.access_fs
            key: AQ...==
            caps: [mds] allow
            caps: [mon] allow *
            caps: [osd] allow *
    [...]

I've copied the key to the client as /etc/ceph/keyring:

    [client.access_fs]
            key = AQ...==

I have 'keyring = /etc/ceph/keyring' in my ceph.conf [global] section on the client.

Now trying to mount the filesystem fails with

    $ sudo mount /mnt/ceph
    ceph-fuse[1784]: starting ceph client
    ceph-fuse[1784]: ceph mount failed with (1) Operation not permitted
    ceph-fuse[1782]: mount failed: (1) Operation not permitted

Adding '-o name=client.access_fs' to the command line yields the same result.

If I copy the client.admin key into the keyring file, it works.
(However, adding the same mount option again (so the name= parameter and the key name in the file do not match), I get an error (which seems okay to me, not sure about the correctness):

    $ sudo mount /cloud/ -o name=client.access_fs
    ceph-fuse[1835]: starting ceph client
    ceph-fuse[1835]: starting fuse
    fuse: unknown option `name=client.access_fs'
    2012-07-09 16:03:18.343793 7fb0e7b8b780 -1 fuse_lowlevel_new failed
    ceph-fuse[1835]: fuse finished with error 33
    ceph-fuse[1833]: mount failed: (33) Numerical argument out of domain

Could you clear up the confusion in my head? :)

Thanks,
--
cc